This article addresses an issue where users receive an error message on every login for a production application using Next.js.

Invalid Authorization Code

• nextjs-auth0 v2.6.2

A 403 response occurs because a second, duplicate request is sent using the same authorization code. An authorization code can only be used once. The Next.js application interprets this second failed request as a failed login. 

1. Review application logs to determine if duplicate code exchange requests are being sent using the same authorization code.

2. Compare production logs with local environment logs. The issue may be external if it does not occur locally.

3. Investigate and resolve any networking or caching problems (for example, in Cloudflare Workers) that are causing the duplicate requests.